198 matches found
Exploit for CVE-2026-1729
CVE-2026-1729 - AdForest WordPress Authentication Bypass PoC...
CVE-2025-36065
IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00–5.2.0.12) has a session management flaw: it does not invalidate the user session after a browser closure, enabling an authenticated user to impersonate another user. The issue is classed under Insufficient Session Ex...
ntree
NTREE v2.0 - Neural Tactical Red-Team Exploitation Engine C...
CVE-2025-62631
An insufficient session expiration vulnerability (CWE-613) in Fortinet FortiOS 7.4.0, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows an attacker to maintain access to network resources via an active SSLVPN session not terminated after a user's passwor...
EUVD-2025-199905
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
CVE-2025-66289 OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, o...
CVE-2025-64489 SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions are not invalidated upon account deactivation. An inactive user with an...
SuiteCRM Security Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A security vulnerability exists in SuiteCRM versions 7.14.7 and earlier and 8.0.0-beta.1 through 8.9.0, which stems from a user session not being disabled when the account is deactivated, which could result in elevated...
PT-2025-45498
Name of the Vulnerable Software and Affected Versions: SuiteCRM versions 7.14.7 and prior; SuiteCRM versions 8.0.0 through 8.9.0. Description: SuiteCRM is a Customer Relationship Management (CRM) software application. A flaw exists where user sessions are not invalidated when an account is deactivated....
CVE-2025-34269
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60424...
CVE-2025-34269
This CVE-2025-34269 entry concerns Nagios Fusion prior to R2.1, where the application does not require re-authentication or session rotation after a user enables 2FA. A valid session may persist after 2FA is enabled, enabling potential persistent account takeover and undermining the legitimate us...
CVE-2025-62723
FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon eventual session expiration. Version 1.23.2 fixes the issue...
EUVD-2020-26268
Malware in sbrugna...
EUVD-2003-1085
Malware in sbrugna...
EUVD-2017-1416
Malware in sbrugna...
EUVD-2017-1420
Malware in sbrugna...
EUVD-2019-12028
Malware in sbrugna...
EUVD-2022-4624
Malicious code in bioql PyPI...
EUVD-2025-26634
Malicious code in bioql PyPI...
EUVD-2022-46527
Malicious code in bioql PyPI...